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APPARATUS AND METHOD 
FOR INTEGRATED CHIPSET CONTENT PROTECTION 

BACKGROUND OF THE INVENTION 

Field of the Invention 

The invention is related generally to computer technology and, more particularly, 
5 to decryption technology. 

Background Information 

The popularity of integrated chipsets has resulted in an increasing demand for 
effective decryption techniques. Conventional decryption techniques rely on software 

10 only, hardware only or a combination of hardware and software. The software only 

solution uses a general-purpose processor to run a typically very complicated algorithm, 
such as PGP, to decrypt the information. The problem with these solutions is their long 
decryption execution times. In particular, it can take several seconds on a very fast 
processor to decrypt information that was encrypted with a good public/private key 

15 algorithm. These techniques are, however, very secure. In fact, the National Security 
Agency is concerned with not being able to crack the codes used in some of these 
algorithms. 

The second method, hardware only, uses dedicated hardware to speed up the 
decryption process. Although speed is a main advantage, hardware only methods once 
20 compromised, remain so. In particular, if millions of units have been distributed and later 
compromised, then they will remain compromised. This is a major problem facing cable 
set-top descrambler manufacturers. 
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The third method, a combination of hardware and software, is generally a good 
compromise between the software only and hardware only methods. Distributed System 
Service (DSS) systems use a method of combined hardware and software, as do some of 
the more expensive software packages for the personal computer. The PTEL method, 
5 which uses a series of configurable, but limited function, logic blocks is a good example 
of the combination of hardware and software methods. However, while being fairly 
secure, they have a couple of the previously mentioned disadvantages. The hardware part 
can still be deciphered, which can put millions of units at risk. Also, the software part is 
slow and is therefore used to configure, enable or disable the function and cannot be used 
10 to encrypt and decrypt the information being used. 

What is needed therefore is the security of the software only method with the 
speed of the hardware only method, but without the exposure to the risk of being 
compromised. 



1 5 BRIEF DESCRIPTION OF THE DRAWINGS 

FIG, 1 is a block diagram of the inferred hardware assisted decryption chipset 
architecture in accordance with the present invention. 

FIG. 2 is a flowchart of an algorithm for implementing the inferred hardware 
assisted decryption method. 
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DETAILED DESCRIPTION OF THE ILLUSTRATED EMBODIMENTS 

The present invention provides an inferred hardware assisted decryption (IHAD) 
25 electronic system 1 0 that utilizes a re-configvirable hardware block in conjunction with a 
processor running a software decryption algorithm that determines the form of the 
hardware. The re-configurable feature of the IHAD allows the hardware to be changed at 
regular intervals, thus circumventing any attempts at compromising the hardware. For 
example, a new hardware configuration could be used everyday, or even every 
30 transaction. As a result, by the time the hardware is compromised, it is no longer being 
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used. The speed benefits of a hardware only type of decryption can thus be reaUzed 
without the Hmitations typically associated with hardware only solutions. 

In the following description, some terminology is used to discuss certain 
functions. For example, an "electronic system" is a system including processing and 
5 internal data storage which may include, but is not limited to a computer such as laptops 
or desktops, servers, set top boxes, imaging devices (e.g., printers facsimile machines, 
scanners, etc.), financial devices (e.g., ATM machines) and the like. The present 
invention is thus applicable to any implementation that would benefit from re- 
configurable hardware protection. "Information" is defined as one or more bits of data, 

10 address, and/or control. A "message" is generally defined as information being 

transferred during one or more bus cycles. A "key" is an encoding and/or decoding 
parameter used by conventional cryptographic algorithms such as for example, a Data 
Encryption Algorithm as specified in Data Encryption Standard and the like. 

Referring to FIG. 1, an illustrative embodiment of an IHAD enabled chipset 

15 electronic system 10 employing the present invention is shown. The electronic system 10 
includes a central processing unit ("CPU") 12 and a system memory 14 coupled together 
by a chipset 16. The CPU 12 in the system 10 executes the public/private key decryption 
algorithm (illustrated in FIG. 2 and described herein) and controls the configuration of 
the programmable logic circuit 18 in the chipset 16. One skilled in the art will recognize 

20 that the system memory 14 may be any kind of memory, including but not limited to a 
dynamic random access memory ("DRAM") or static random access memory ("SRAM"). 

The chipset 16 is circuitry and/or software that operates as an interface between a 
plurality of buses, such as, for example a CPU bus 20, a system memory bus 22 and a 
peripheral bus 24. The chipset 16 includes a processor interface 26, programmable array 

25 logic circuit 18, such as a programmable array of gates, configuration logic 28, memory 
30, chipset logic 32 and memory interface 34. Those of ordinary skill in the art will 
recognize that the programmable logic circuit 1 8 may have different types of array 
modules as well as combinations of two or more types of modules. For illustrative 
purposes, the present invention will refer to the programmable logic circuit 1 8 as a 

30 programmable array of gates, although one skilled in the art will recognize that other 

logic circuits could be used as well. The CPU 12 reconfigures the programmable array of 
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gates 18 upon command to circumvent any attempts at compromising the hardware. By 
the time a user attempts to compromise a particular hardware configuration, the 
configuration would most likely have been changed at least once. Where security is 
particularly important, the programmable array of gates 18 could be reconfigured such 
5 that a new hardware configuration is used for every transaction. A new hardware 
configuration for decryption can thus be provided for each transaction and then 
subsequently discarded. 

The chipset 16 operates as a communicative pathway to both the system memory 
14 and peripheral devices 36. One or more peripheral devices 36 may be coupled to the 

10 bus 24 including, but not limited to, an accelerated graphics port (AGP) bus for 

connection to an AGP device (e.g., a graphics device), peripheral component interconnect 
(PCI) bus and hub link (e.g., an interface between computer components). In a typical 
implementation, such as a PC platform, peripheral components such as network 
controllers, disk controllers, and floppy disk controllers connect to the chipset 16 through 

1 5 the hub link via bus 24. 

For illustrative purposes, the operations of the IHAD electronic system 10 are 
discussed in relation to the receipt of an encrypted external message, such as an 
encrypted external message (e.g., real time video) downloaded off the Internet from a 
source. The encrypted external message, which may be stored in system memory 14 

20 once it is downloaded, is typically encrypted utilizing a public key/private key or other 
conventional secure method. 

Prior to decrypting the message, an encrypted hardware configuration code 
associated with the encrypted external message is provided to the chipset 16 from the 
source. The CPU 12, in communication with the chipset 16, decrypts the encrypted 

25 hardware configuration code using a local key. The key is extracted from the message by 
decrypting the message with a key contained in the memory 30 of the chipset 16. The 
key may be a private key associated with the electronic system 10 if public/private key 
cryptography is used to secure communication between the IHAD electronic system 10 
and other networked systems. 

30 The CPU 12 thus processes the hardware configuration code using a key to which 

it has access. The public and/or private key used during the initial decryption phase 
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could be held in the memory 30, typically in a non-volatile RAM although a volatile 
RAM could be used as well Alternatively, the key could be held in the CPU's ROM or 
RAM, depending on the requirements of the application. The configuration logic 28 
assists the CPU 12 in configuring the programmable array of gates 18. 
5 The CPU 12 thus reads the key, decodes the message and runs a software 

decryption algorithm that will determine the unique configuration of the hardware. By 
determining the unique configuration of the hardware, the CPU 12 configures the 
hardware itself via the programmable array of gates 18. After the encrypted hardware 
configuration code is decoded, the CPU 12 sends command signals through the 

10 configuration logic 28 into the programmable array of gates 1 8 for reconfiguring the 
hardware. The configuration logic 28 assists the CPU 12 in configuring the 
programmable array of gates 18. The memory interface block 34 interfaces the 
programmable array of gates 18 to the remaining chipset logic 32 and system memory 14. 
One skilled in the art will recognize that the programmable array of gates 1 8 can be 

15 reconfigured in a conventional manner, for example, by adjusting the wiring of the gates, 
flip-flops and so forth. 

After the decryption hardware is uniquely configured through programming the 
programmable array of gates 18 to a desired setting, the CPU 12 can optionally notify the 
source that a secure connection has been established and requests that the associated 

20 encrypted external message be transmitted to the IHAD electronic system 10. Li the case 
where the encrypted external message is downloaded from the Internet, the CPU 12 can 
optionally transmit a signal back over the Internet indicating that a secure connection has 
been established. The encrypted external message may be routed through bus 24 to the 
chipset logic 32 and interface 26. The encrypted external message is then applied to the 

25 programmable array of gates 1 8 which decrypts the external message utilizing the unique 
hardware configuration established earlier. After the external message is decrypted, it is 
routed to the system memory 14 via memory interface 34 and eventually displayed. 

Alternatively, the encrypted external message could be routed to the chipset 16 
via the system memory 14. The encrypted external message is then applied to the 

30 programmable array of gates 18 (via the memory interface 34) which decrypts the 

external message utilizing the unique hardware configuration established earlier. After 
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the external message is decrypted, it is routed back to the system memory 14 via memory 
interface 34 and eventually displayed. 

One skilled in the art will recognize that the particular manner (i.e. via the chipset 
logic or memory interface) the programmable array of gates 1 8 receives the encrypted 
5 external message is not critical to the present invention. After the CPU 12 determines 
that the decryption hardware is configured as desired, the encrypted external message 
passes through the new hardware (configured via the programmable array of gates 1 8) 
and is decrypted with the new custom hardware configuration until the transaction is 
complete. The hardware may be reconfigured at regular intervals to circumvent any 

10 attempts at compromising the hardware. Correspondingly, there may be instances where 
it is not necessary to reconfigure the hardware. 

Referring to FIG. 2, a flowchart 40 of an algorithm for implementing the present 
invention is illustrated. Initially, in step 42, a transaction is set up and the CPU 12 clears 
or verifies the programmable array of gates 18. The CPU 12 then receives the encrypted 

15 hardware configuration code (i.e. encrypted version of the hardware through the chipset 
16) from a source that is sending the encrypted external message (step 44). The CPU 12 
decrypts the hardware configuration code using a local key (step 46). The non-volatile 
RAM could be used to hold the public and/or private key used during the initial 
decryption phase. Alternatively, the key could be held in the CPU's ROM or RAM, 

20 depending on the requirements of the application. 

The CPU 12 then programs the array of gates 18 (step 48). The CPU 12 would 
execute a public/private key decryption algorithin and control the configuration of the 
programmable array of gates 18 (step 50). The exact details of how the configuration 
logic 28 configures the programmable array of gates 18 is not critical to the present 

25 invention and any conventional method may be utilized. The CPU 12 then notifies the 
source that the decryption hardware is properly configured and ready to decrypt the 
associated encrypted external message (step 52). The encrypted external message is 
routed through the new hardware configuration and accordingly decrypted (step 54). 
One skilled in the art will recognize that the present invention is potentially 

30 valuable to anyone involved in the secure distribution of information via electronic digital 
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means. For example, the invention would be useful in platfomis that receive 
entertainment type information for immediate use by the consumer. 

Having now described the invention in accordance with the requirements of the 
patent statutes, those skilled in the art will understand how to make changes and 
5 modifications to the present invention to meet their specific requirements or conditions. 
Such changes and modifications may be made without departing from the scope and 
spirit of the invention as set forth in the following claims. 
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